report

Published: Jun 7, 2022 License: MIT Imports: 4 Imported by: 53

README

Vulcan Report

Package to store models and helper functions for generating and manipulating Vulcan reports.

Documentation

Constants

const (
	CategoryIssue          = "ISSUE"
	CategoryPotentialIssue = "POTENTIAL_ISSUE"
	CategoryCompliance     = "COMPLIANCE"
	CategoryInformational  = "INFORMATIONAL"
)
const (
	// SeverityThresholdNone defines interesting findings that are not vulnerabilities.
	SeverityThresholdNone = 0
	// SeverityThresholdLow defines vulnerabilities with low impact.
	SeverityThresholdLow = 3.9
	// SeverityThresholdMedium defines vulnerabilities with medium impact.
	SeverityThresholdMedium = 6.9
	// SeverityThresholdHigh defines vulnerabilities with high impact.
	SeverityThresholdHigh = 8.9
	// SeverityThresholdCritical defines vulnerabilities with critical impact.
	SeverityThresholdCritical = 10
)

The thresholds follow the CVSS v3.0 qualitative ratings (https://nvd.nist.gov/vuln-metrics/cvss/):

| Severity | Base Score Range |
| None     | 0.0              |
| Low      | 0.1 - 3.9        |
| Medium   | 4.0 - 6.9        |
| High     | 7.0 - 8.9        |
| Critical | 9.0 - 10.0       |

Variables

This section is empty.

Functions

func AggregateScore

func AggregateScore(vulnerabilities []Vulnerability) float32

AggregateScore returns an aggregated score for a group of vulnerabilities. NOTE: This is currently a placeholder function which returns the maximum severity score.

func ScoreSeverity

func ScoreSeverity(severity SeverityRank) float32

ScoreSeverity returns the maximum score according to a severity rank.

func SecurityStatus

func SecurityStatus(score float32) string

SecurityStatus returns a grade from A to F (A is good, F is bad) for a target's aggregated score.

func ValidateReport

func ValidateReport(r Report) error

ValidateReport validates a Report.

func ValidateVulnerability

func ValidateVulnerability(v Vulnerability) error

ValidateVulnerability validates a Vulnerability.

Types

type Attachment

type Attachment struct {
	Name        string `json:"name"`
	ContentType string `json:"content_type"`
	Data        []byte `json:"data"`
}

Attachment is a file found when running the check.

type ByScore

type ByScore []Vulnerability

func (ByScore) Len

func (v ByScore) Len() int

func (ByScore) Less

func (v ByScore) Less(i, j int) bool

func (ByScore) Swap

func (v ByScore) Swap(i, j int)

type CheckData

type CheckData struct {
	CheckID          string `json:"check_id"`          // Mandatory.
	ChecktypeName    string `json:"checktype_name"`    // Mandatory.
	ChecktypeVersion string `json:"checktype_version"` // Mandatory.

	Status string `json:"status"` // Mandatory.

	Target  string `json:"target"` // Mandatory.
	Options string `json:"options"`
	Tag     string `json:"tag"`

	StartTime time.Time `json:"start_time"` // Mandatory.
	EndTime   time.Time `json:"end_time"`
}

CheckData defines the data about the execution of the check that generated the report.

type Report

type Report struct {
	CheckData
	ResultData
}

Report represents a check vulnerability report.

func (*Report) MarshalJSONTimeAsString

func (r *Report) MarshalJSONTimeAsString() ([]byte, error)

MarshalJSONTimeAsString marshals a Report to JSON with times encoded as strings. A custom marshaler is used to rewrite times for Athena and Rails. TODO: Discuss if this is necessary or if we can drop it.

func (*Report) UnmarshalJSONTimeAsString

func (r *Report) UnmarshalJSONTimeAsString(data []byte) error

UnmarshalJSONTimeAsString unmarshals JSON into a Report, decoding times from strings.

func (Report) Validate

func (r Report) Validate() error

type ResourcesGroup

type ResourcesGroup struct {
	Name   string
	Header []string
	Rows   []map[string]string
}

ResourcesGroup is a self-defined table for resources sharing the same attributes. Example:

Name: Network Resource
Header: | Hostname | Port | Protocol | Service |
Rows:
| www.adevinta.com | 80  | tcp | http |
| www.adevinta.com | 443 | tcp | http |

Each Row is a map holding a value for every key defined in the Header attribute; the Header is the only source of column order, since Go maps are unordered.
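The following is an added example, not code from the vulcan-report package: it mirrors the documented ResourcesGroup shape, checks that every row carries exactly the Header's keys (a missing key would otherwise render as an empty cell and an extra key would be silently dropped from the report), and renders the group as a pipe table in Header order. ValidateRows, Render and ConstructedGroup are hypothetical helpers written for this example; the sample rows are the ones from the documentation above.

```go
package main

import (
	"fmt"
	"strings"
)

// ResourcesGroup mirrors the documented struct; this is example code,
// not the package's own definition.
type ResourcesGroup struct {
	Name   string
	Header []string
	Rows   []map[string]string
}

// ValidateRows rejects rows whose key set differs from the Header.
// Hypothetical helper: the package itself does not document this check.
func (g ResourcesGroup) ValidateRows() error {
	want := make(map[string]struct{}, len(g.Header))
	for _, h := range g.Header {
		want[h] = struct{}{}
	}
	for i, row := range g.Rows {
		for _, h := range g.Header {
			if _, ok := row[h]; !ok {
				return fmt.Errorf("row %d of %q is missing column %q", i, g.Name, h)
			}
		}
		for k := range row {
			if _, ok := want[k]; !ok {
				return fmt.Errorf("row %d of %q has unknown column %q", i, g.Name, k)
			}
		}
	}
	return nil
}

// Render writes the group as a pipe table, taking column order from Header
// because map iteration order is not stable.
func (g ResourcesGroup) Render() string {
	var b strings.Builder
	b.WriteString(g.Name + "\n")
	b.WriteString("| " + strings.Join(g.Header, " | ") + " |\n")
	for _, row := range g.Rows {
		cells := make([]string, len(g.Header))
		for i, h := range g.Header {
			cells[i] = row[h]
		}
		b.WriteString("| " + strings.Join(cells, " | ") + " |\n")
	}
	return b.String()
}

// ConstructedGroup builds the sample table from the documentation (constructed input).
func ConstructedGroup() ResourcesGroup {
	return ResourcesGroup{
		Name:   "Network Resource",
		Header: []string{"Hostname", "Port", "Protocol", "Service"},
		Rows: []map[string]string{
			{"Hostname": "www.adevinta.com", "Port": "80", "Protocol": "tcp", "Service": "http"},
			{"Hostname": "www.adevinta.com", "Port": "443", "Protocol": "tcp", "Service": "http"},
		},
	}
}

func main() {
	g := ConstructedGroup()
	if err := g.ValidateRows(); err != nil {
		fmt.Println("invalid group:", err)
		return
	}
	fmt.Print(g.Render())

	// A row that omits a header key is caught before it reaches the report.
	bad := g
	bad.Rows = append(bad.Rows, map[string]string{"Hostname": "www.adevinta.com", "Port": "8443", "Protocol": "tcp"})
	fmt.Println("check on broken row:", bad.ValidateRows())
}
```

Running the validation before serialising a Report keeps the rendered table faithful to what the check actually observed, which matters when the table is the evidence a reader uses to triage the finding.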

type ResultData

type ResultData struct {
	Vulnerabilities []Vulnerability `json:"vulnerabilities"` // Array of identified vulnerabilities.

	Data  []byte `json:"data,omitempty"`  // Free field for additional data.
	Notes string `json:"notes,omitempty"` // Free field for additional notes.
	Error string `json:"error"`           // Error message, if any.

	NotApplicable bool `json:"not_applicable,omitempty"` // If the check was not really applicable.
}

ResultData contains the data produced by the execution of a check, for instance the vulnerabilities found, notes, and any error.

func (*ResultData) AddVulnerabilities

func (r *ResultData) AddVulnerabilities(v ...Vulnerability)

AddVulnerabilities is a handy method to add one or more Vulnerabilities to the ResultData.Vulnerabilities array. It's equivalent to r.Vulnerabilities = append(r.Vulnerabilities, v...).

type SeverityRank

type SeverityRank int
const (
	// SeverityNone defines interesting findings that are not vulnerabilities.
	SeverityNone SeverityRank = iota
	// SeverityLow defines vulnerabilities with low impact.
	SeverityLow
	// SeverityMedium defines vulnerabilities with medium impact.
	SeverityMedium
	// SeverityHigh defines vulnerabilities with high impact.
	SeverityHigh
	// SeverityCritical defines vulnerabilities with critical impact.
	SeverityCritical
)

func RankSeverity

func RankSeverity(score float32) SeverityRank

RankSeverity returns the severity rank according to predefined score thresholds.

type Vulnerability

type Vulnerability struct {
	ID string `json:"id"` // Arbitrary UUID that uniquely identifies the vulnerability in every scan.

	Summary                string  `json:"summary"`                  // Mandatory. Vulnerability title.
	Score                  float32 `json:"score"`                    // Vulnerability severity score. According to CVSSv3 base score.
	AffectedResource       string  `json:"affected_resource"`        // Indicates the concrete resource affected by the vulnerability.
	AffectedResourceString string  `json:"affected_resource_string"` // Optionally indicates a human-readable meaningful version of the AffectedResource.
	Fingerprint            string  `json:"fingerprint"`              // Fingerprint defines the context in where the vulnerability has been found.

	CWEID         uint32   `json:"cwe_id,omitempty"`         // CWE-ID.
	Description   string   `json:"description,omitempty"`    // Vulnerability description.
	Details       string   `json:"details,omitempty"`        // Vulnerability details generated when running the check against the target.
	ImpactDetails string   `json:"impact_details,omitempty"` // Vulnerability impact details.
	Labels        []string `json:"labels,omitempty"`         // A list of labels (strings) to enrich the vulnerability.

	Recommendations []string         `json:"recommendations,omitempty"` // Vulnerability remediation suggestions.
	References      []string         `json:"references,omitempty"`      // Reference URLs for more information.
	Resources       []ResourcesGroup `json:"resources,omitempty"`       // ResourcesGroups found when running the check.
	Attachments     []Attachment     `json:"attachments,omitempty"`     // Attachments found when running the check

	Vulnerabilities []Vulnerability `json:"vulnerabilities"` // Mandatory. Array of identified vulnerabilities.
}

Vulnerability represents a single security vulnerability found while running a check.

func (*Vulnerability) AddVulnerabilities

func (v *Vulnerability) AddVulnerabilities(vulnerabilities ...Vulnerability)

AddVulnerabilities is a handy method to add one or more Vulnerabilities to the Vulnerability.Vulnerabilities array. It's equivalent to v.Vulnerabilities = append(v.Vulnerabilities, vulnerabilities...).

func (*Vulnerability) AggregateScore

func (v *Vulnerability) AggregateScore()

AggregateScore recalculates the score field for a parent vulnerability.

func (Vulnerability) Severity

func (v Vulnerability) Severity() SeverityRank

Severity returns the severity rank for a vulnerability.

func (Vulnerability) Validate

func (v Vulnerability) Validate() error

Validate checks if a vulnerability is valid.
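The following is an added example, not the vulcan-report package's own code: it re-implements, stand-alone, the documented severity thresholds, RankSeverity, the placeholder AggregateScore (maximum score of a group), the parent-level Vulnerability.AggregateScore and Vulnerability.Severity, so the mapping from CVSS scores to ranks can be run offline. The threshold values are the constants documented above; the band boundaries are compared as float32 so that a score of exactly 3.9 or 8.9 lands in the band the CVSS table gives it. Descending into nested children before recomputing the parent, and a leaf keeping its own score, are assumptions of this example rather than documented behaviour; ConstructedFinding and the String method are hypothetical helpers with constructed sample data.

```go
package main

import "fmt"

// Thresholds copied from the package's documented constants (CVSS v3.0 bands).
const (
	SeverityThresholdNone     = 0
	SeverityThresholdLow      = 3.9
	SeverityThresholdMedium   = 6.9
	SeverityThresholdHigh     = 8.9
	SeverityThresholdCritical = 10
)

type SeverityRank int

const (
	SeverityNone SeverityRank = iota
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

// String is a hypothetical helper for readable output.
func (s SeverityRank) String() string {
	return [...]string{"NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"}[s]
}

// Vulnerability keeps only the fields this example needs.
type Vulnerability struct {
	Summary         string
	Score           float32
	Vulnerabilities []Vulnerability
}

// RankSeverity maps a score onto a rank using each band's upper bound.
// Comparisons stay in float32 so that 3.9 (float32) <= 3.9 holds exactly;
// widening to float64 would push 3.9 into the Medium band.
func RankSeverity(score float32) SeverityRank {
	switch {
	case score <= SeverityThresholdNone:
		return SeverityNone
	case score <= SeverityThresholdLow:
		return SeverityLow
	case score <= SeverityThresholdMedium:
		return SeverityMedium
	case score <= SeverityThresholdHigh:
		return SeverityHigh
	default:
		return SeverityCritical
	}
}

// AggregateScore returns the maximum score of a group, the placeholder
// behaviour the package documents.
func AggregateScore(vulnerabilities []Vulnerability) float32 {
	var max float32
	for _, v := range vulnerabilities {
		if v.Score > max {
			max = v.Score
		}
	}
	return max
}

// AggregateScore recomputes a parent's score from its children. Assumption:
// children are aggregated first so multi-level nesting is handled, and a
// leaf keeps its own score.
func (v *Vulnerability) AggregateScore() {
	if len(v.Vulnerabilities) == 0 {
		return
	}
	for i := range v.Vulnerabilities {
		v.Vulnerabilities[i].AggregateScore()
	}
	v.Score = AggregateScore(v.Vulnerabilities)
}

// Severity returns the rank for the vulnerability's current score.
func (v Vulnerability) Severity() SeverityRank { return RankSeverity(v.Score) }

// ConstructedFinding is a parent with three leaf findings (constructed sample data);
// its own score is stale until AggregateScore runs.
func ConstructedFinding() Vulnerability {
	return Vulnerability{
		Summary: "Outdated TLS configuration",
		Score:   0,
		Vulnerabilities: []Vulnerability{
			{Summary: "TLS 1.0 enabled", Score: 3.7},
			{Summary: "Weak cipher suite", Score: 5.3},
			{Summary: "Expired certificate", Score: 7.5},
		},
	}
}

func main() {
	f := ConstructedFinding()
	f.AggregateScore()
	fmt.Printf("%s: score=%.1f rank=%s\n", f.Summary, f.Score, f.Severity())
	for _, c := range f.Vulnerabilities {
		fmt.Printf("  %-22s %.1f %s\n", c.Summary, c.Score, c.Severity())
	}
}
```

Because the aggregate is a maximum, one High child makes the parent High regardless of how many Low findings sit beside it; anyone replacing the placeholder with a different aggregation should keep that property, or a cluster of serious findings could be diluted by noise.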
